It is all well and good to believe technology is the solution to cybercrime. However, technology has its own inherent problems. As a quote I heard recently put it: “Technology is created by humans; humans make mistakes, and therefore technology will inherently have mistakes within it.”
Small businesses deal with two major problems with regard to cybercrime and cyber security. One is limited financial capability to purchase technology that could improve their business security. Their biggest problem, however, is complacency.
We regularly hear these three responses to the issue of complacency from SMEs:
- We are too small to be a target.
- We have nothing worth stealing.
- It will not happen to us.
Management often tell us that the role of cyber security has been delegated to “X”; therefore they do not have to worry about it. Although the responsibility may have been delegated to someone else, the authority to do anything about it typically remains with management. The flow-on from this is that “X” often has minimal control over protecting the business. In most cases they have to operate within a limited and stretched IT budget and rely on a department or person who is only capable of firefighting.
Digital security is a component of risk management, related to protecting your business just like all other risks that must be mitigated. However, the risk of a cybercrime against the business or anyone in the business is between 60 and 90%. That is a likelihood I would like to mitigate as much as possible.
Cyber security, or digital security, encompasses more than just technology. For example:
- It is no use putting in a next-generation firewall if users have a simple password.
- It is no use putting in an anti-spam solution if the users are going to use an external web-based email program without the same stringent scanning processes.
- Cutting-edge AV is not advantageous when the systems people are using in the office have not been patched in months.
Of course the above-mentioned technologies are important, but education is really of the utmost importance. C-level executives, board members, managers and owners need to be educated as to why they cannot afford to be so complacent and why they actually hold the role of risk management with regard to cyber security. Additionally, all users of company technology need to be educated on how to safely set passwords, use email and social media, and handle other web basics.
I recently held a seminar on just such a topic. We are holding another one soon. (http://smesecurityframework.com.au/digital-security-awareness-seminar-senior-executives/)